-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ashley M. Kirchner wrote: > Mike Wohlgemuth wrote: >> Here's what I do: >> >> -N LOGDROP >> -A LOGDROP -j LOG --log-prefix "$IPTABLES drop:" >> -A LOGDROP -j DROP >> >> Then you can add lines for the things you want logged like this: >> >> -A INPUT -s www.xxx.yyy.zzz/aa -j LOGDROP > Now that works great (I removed the $ from it.) The only, small, > issue is that I'd like some kind of identifier when it logs, instead > of just saying 'IPTABLES drop:'. Is there a way of saying something > like, 'all these IP ranges belong to .ru domains' and then when it > logs the packet, to have the prefix say 'IPTABLES drop .ru: ' And > do the same for other ranges that are defined (at the moment they > have .ru, .hk, .cn, etc., etc. blocked.) > > Or do I have to create individual chains for each one, and change > the prefix on each? > It is usually easier to allow from a few and DROP everyone else. You should not be say excluding country domains for any reason. The more complex you make the rules, the more chance for errors. Besides, the IP addresses are not always static. As new IP service providers are added you will have to update your table like crazy.... Just my opinion. - -James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHFmZLkNLDmnu1kSkRApw5AJ9mEhgb0eho7IUkc3eAecDkmLZP0ACeIqnb Y9fIOgN+8ye5lKfnhj4NRuY= =VVXR -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
